一、解决方法步骤
1、系统:centos7.8
2、执行命令:
[root@cdh-cm-v01 ~]# host_name=cdh-master-v01.yunes.com;
[root@cdh-cm-v01 ~]# openssl ca -config /root/ca/intermediate/openssl.cnf
-extensions server_cert
-days 3600
-notext
-in /root/ca/intermediate/csr/ h o s t n a m e . c s r − o u t / r o o t / c a / i n t e r m e d i a t e / c e r t s / {host_name}.csr \ -out /root/ca/intermediate/certs/ hostname.csr −out/root/ca/intermediate/certs/{host_name}.pem
[root@cdh-cm-v01 ~]# host_name=cdh-master-v01.yunes.com;
[root@cdh-cm-v01 ~]# openssl ca -config /root/ca/intermediate/openssl.cnf \
> -extensions server_cert \
> -days 3600 \
> -notext \
> -in /root/ca/intermediate/csr/${
host_name}.csr \
> -out /root/ca/intermediate/certs/${
host_name}.pem
Using configuration from /root/ca/intermediate/openssl.cnf
Enter pass phrase for /root/ca/intermediate/private/intermediate.key.pem: tianlingqun
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 4098 (0x1002)
Validity
Not Before: Sep 26 12:06:16 2022 GMT
Not After : Aug 4 12:06:16 2032 GMT
Subject:
countryName = zh
stateOrProvinceName = gd
localityName = sz
organizationName = macro
organizationalUnitName = dev
commonName = cdh-master-v01.yunes.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Client, SSL Server
Netscape Comment:
OpenSSL Generated Server Certificate
X509v3 Subject Key Identifier:
CF:D7:25:A3:9E:14:EF:78:A3:5D:61:DD:8E:19:C5:91:AF:31:37:67
X509v3 Authority Key Identifier:
keyid:AC:52:5E:07:72:71:85:56:01:CF:53:1F:5A:60:A4:1B:82:F4:6B:F1
DirName:/C=zh/ST=gd/L=sz/O=yunes/OU=yunes/CN=yunes/emailAddress=gsxxx@163.com
serial:10:00
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Subject Alternative Name:
DNS:cdh-master-v01.yunes.com
Certificate is to be certified until Aug 4 12:06:16 2032 GMT (3600 days)
Sign the certificate? [y/n]:y
failed to update database
TXT_DB error number 2
3、解决方法
1)第一种重新创建
cd /root/ca/intermediate
ls -l
mv index.txt index.txt.xxx
touch index.txt
2)第二种删除里面重复数据
[root@cdh-cm-v01 intermediate]# vi index.txt
3)第三种修改配置文件
vi index.txt.attr
[root@cdh-cm-v01 intermediate]# vi index.txt.attr
#unique_subject = yes
unique_subject = no
